Web App External User Authentication

This authentication method is designed for Web Apps with publishing permissions set to “Authenticated External Users”. External users can access Web Apps through authentication without needing to register Dify Enterprise accounts.

External users are individuals who are not part of your Dify Enterprise system.

This authentication method enables organizations to control application access while monitoring and managing external users through third-party identity providers.

Use Cases

Consider a scenario where IT staff have built AI assistants for company employees, but not everyone has joined the Dify Enterprise system. However, all employees exist in a third-party identity provider. External user authentication allows these users to access applications through SSO without Dify registration.

This approach is ideal when providing AI services to customers, partners, or other external stakeholders.

​

Authentication Process

​

Configuration Steps

​

Prerequisites

Before you begin, verify that:

• Dify Enterprise is deployed and running
• You have system administrator access
• Your SSO identity provider is configured and ready

​

Step 1: Configure SSO Identity Provider

1. Access the Dify Enterprise Admin Console
2. Go to Identity Authentication → Web App External Users
3. Click Configure in the “SSO Identity Provider” section

Configure based on your specific identity provider. For detailed setup instructions, see Configure SSO Authentication.

​

Step 2: Enable External User Authentication

1. Once configuration is complete, locate the Enable SSO toggle
2. Switch it to On

​

Step 3: Test Authentication Configuration

1. Set Web App permissions to Authenticated External Users during publishing
2. Share the Web App URL with external users
3. Verify proper redirection to the SSO login page
4. Test the complete login flow with a test account
5. Confirm successful Web App access

​

Common Issues